Aggregator

#coding=utf-8 # # Dll Hijacker # # platform: Python 2.x @ Windows # # author:Coca1ne import os,sys,time import pefile def main(): try: pe = pefile.PE(sys.argv[1]) exportTable ...

以前刚开始学网络安全，是从免杀开始的。记得那时候杀毒软件还很弱。金山江民瑞星还存在。 那会什么原理也不懂，就一直瞎鼓捣。（后来转入渗透行列了） 这段时间一直在学PE格式，突然想起来以前很古老的PE文件头移位。 网上搜了搜，看大家虽然做了视频，但是竟然没人讲原理。借着刚好在学PE格式的知识，就做个PE

时至今日，博客程序也差不多完成了。 欢迎提意见。

According to DARPA, it takes an average of 312 days for security pros to discover software vulnerabilities such as viruses, malware, and other attacks. In hacker time, that’s a virtual eternity in which bad actors can wreak havoc.

There’s a modern joy we’re all too familiar with. We’ve all made an online purchase while reclining in pajamas, computer...

The post Leading E-Commerce Platform Magento Cracked by Cybercriminals appeared first on McAfee Blog.

#include "stdafx.h" #include #include char shellcode[] = "\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42" "\x08\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03" "\x78...

A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates Domain Name System Security Extensions (DNSSEC) signatures for the internet’s DNS root zone. With this change, root zone Domain Name System (DNS) responses can be fully validated using 2048-bit RSA keys. This project involved work by […]

The post A Great Collaborative Effort: Increasing the Strength of the Zone Signing Key for the Root Zone appeared first on Verisign Blog.

培训是提高鉴定人专业素养、确保鉴定质量的必要手段。本期，将继续介绍中立机构SANS的系列培训认证以及产品X-ways的培训。

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team

CVE-2015-3825是去年Android系统爆出的高危漏洞，与CVE-2014-7911一样都属于Android系统的反序列化漏洞。通过该漏洞可以实现Android系统提权及代码执行等一系列攻击行为，危害巨大

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

The Mirai botnet has infected hundreds of thousands of Internet of Things (IoT) devices, specifically security cameras, by using vendor default passwords for Telnet access.

As technology makes our lives increasingly convenient, we rely on it more. We use it constantly nowadays, even entrusting our...

The post The Old, The New, and The Future: McAfee Labs September Threats Report appeared first on McAfee Blog.

Since 2004, October has been deemed National Cyber Security Awareness Month—a time when government and private organizations come together to...

The post What You Can Gain from National Cyber Security Awareness Month appeared first on McAfee Blog.

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. The application layer (per the Open Systems Interconnection model) consists of protocols that focus on process-to-process communication across an IP network and is the only layer that directly interacts with the end […]

The post Defending Against Layer 7 DDoS Attacks appeared first on Verisign Blog.

介绍一种对恶意抗机器人（自动化攻击）的新思路与技术，脑洞大开

When it comes to data breaches there are hits and there are misses. And then there are hits. Today, there...

The post Cybercriminals Breach Yahoo, Impacting 500 Million Users appeared first on McAfee Blog.